setrrecruitment.blogg.se - Inkscape website

#INKSCAPE WEBSITE UPDATE#

Inkscape has fixed these vulnerabilities and recommends users update to Version Inkscape 1.0 or later. Tran Van Khang – khangkito (VinCSS), working with Trend Micro’s Zero Day Initiative, reported these vulnerabilities to CISA. COMPANY HEADQUARTERS LOCATION: Open-source.

CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors.

A CVSS v3 base score of 7.8 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.ĬVE-2021-42704 has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). The affected product can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.ĬVE-2021-42702 has been assigned to this vulnerability. 3.2.2 ACCESS OF UNINITIALIZED POINTER CWE-824

The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.ĬVE-2021-42700 has been assigned to this vulnerability. The following versions of the Inkscape open-source graphics editor are affected:ģ.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 Successful exploitation of these vulnerabilities could allow unauthorized information disclosure and code execution. Vulnerabilities: Out-of-bounds Read, Access of Uninitialized Pointer, Out-of-bounds Write.Equipment: Inkscape, an open-source graphics editor.